We have seen the recent headlines that anonymous trolls have been identified on Twitter and other social media sites so that people can take legal action. In most cases, the trolls are known or do little to hide their identity. In some cases, though, they seek to hide their identity or, in the case of “ratters” remain hidden as they have unauthorised access to your system. What victims need, though, is a way to identify their trolls so they can take legal actions. If someone is anonymous on the web, then it is hard to take legal action. Even if the service provider deletes the account, the “troll” can subscribe under an assumed name. The problem of identifying people on the internet can prove problematic for the victims. For example, one victim, Nicola Brookes, obtained a high court ruling to reveal the identities of the trolls harassing her through Facebook.

Even though trolls have existed on the internet since its birth, the legislation to deal with them has been unwieldy or just slow to catch up. Most legislation covering such behaviour pre-dates Facebook and Twitter. What has usually kept the trolls contained is that the social media sites have (usually) reacted quickly to complaints of harassment or online bullying. Many services allow users to report abuse. The recent cases that forced Twitter to reveal account identity details show that the companies and the courts are quicker to react to legal requests.

Finding a troll’s lair can be difficult

What Nicola Brookes case reveals are two distinct, but interrelated problems regarding the identity and prosecution of trolls. First, it is difficult to get the police involved. Even though there are laws in place for regulating such online behaviour, it can be difficult to get the police to see the issue as a criminal offence. Police forces may not have the skills, training, and resources to focus on these issues. For some forces, a troll appear less of a priority when compared against their workload of murders, muggings, and burglaries as well as a responsibility for counterterrorism. Given these constraints it is not unreasonable that the police may take the view that it is a civil matter for the victim to resolve through the service provider and the courts. However, the problem of taking a private legal action shows the second difficulty. The second problem is that it is difficult to track down and identify the trolls.

You may have an IP address but do you have the troll?

The internet provider or the social media company may provide the login details and the IP address, but that does not prove the person at the other end was the person responsible. A sophisticated troll may have taken steps to shield their identity through avatars, false names, fake accounts, and other devices that shield their identity or their IP address. To take legal action, victims will have to find their attacker’s identity. Here is where professional troll hunters may find a niche market.

What is a RAT or a ratter? A ratter is someone who uses a Remote Administration Tool (RAT) to access or gain control of someone else’s computer. They exploit a security flaw or a security lapse to gain access and control of the victim’s computer. Most ratters are men and they use the system to spy on women. However, they can use the system to steal banking information as well as encrypt files and hold them to ransom. They will share or sell the “slaves” or bots they have created. Slaves being the term for the people, usually young women, whose computers they can access.

Few Rats are caught but that may change

Such access, while illegal in many countries, can be part of legitimate products such as those that provide remote administration tools for laptop finders. However, in most countries unauthorised access to someone else’s computer is illegal. The problem, while it is not widespread, is that very few ratters are caught. In the United States, the FBI has pursued cases where the ratter has spied on and tried to extort hundreds of victims.

For the most part, a person can escape being a victim of a RAT if they are vigilant about their online security. However, you may not know you have one in your system until it is too late. For some people, going to the police or the authorities may not be an option. In other cases, they may wish to pursue civil penalties against the RAT. If the police are not interested, then you will need someone who can catch the RAT for you. Like the troll hunter, they will not only remove them from your system, but locate them.

Like the Troll hunter, they are likely be private investigators with a skill set for this type of work. They may offer their services to track a RAT down or log in to the various Hack Forums to find locate the people who use the information obtained through a RAT. In the past, the hack forums may have acted as if they were immune, but rat catchers may raise the risk. If the risk of getting caught increases, then RATs may be deterred from their behaviour.

The electronic tools available to the government will become publicly available.

The techniques to track and trace a user can run from the relatively mundane, of geotags, to the more sophisticated and advanced FLAME virus. The FLAME virus though shows an evolution in the process because it allows tracking across systems.

What the FLAME virus that infected a number of computers in the Middle East showed was the ability to track users and their data across locations. The virus allowed files that were infected to be tracked by their locational data. As the virus had the capacity to override normal antivirus protection software, it meant that it is harder to hide if someone is looking for you. Unless someone always live completely as a proxy or without making contact outside of TOR or another deep web system, then they can be found. If you can be tracked, you can be found. If you can be found, you can be brought to justice. Even if you cannot be tracked, the effort required to avoid tracking is likely to keep trolls or RATs from acting on more than an infrequent basis.

For the moment, the capacity to use a FLAME virus is going to be limited to governments. However, the same techniques, will become available. One only need to consider that satellite imagery was nearly the sole preserve of governments in 1970. Now, with Google Earth people can access satellite images. Even if the full powers of FLAME do not become available, similar technologies, below military or government grade, will be available and used by private investigators working in this area. They could use legal means to track and trace a person by searching for them online. When their pictures are found, or their IP signature found, it is only a matter of time before finding their physical address. Once their physical address is known, they can be served with court papers.

Private investigators for the 21st century

In one sense, the private investigator has always existed. What will be new is how they will use technology and the internet vulnerabilities, like geotags in photographs, to track and trace trolls who believe they are anonymous or disguised. Once the trolls become aware of how fast and easy it is to identify them, unless they take extraordinary measures, they will soon realize that trolling is not easy or penalty free. Even if they cannot be brought to court, their identities can be made known to service providers who can then block their access.

Prove you are not a troll by using your own name

What we see on the web is that people are willing to use their own identity as a brand. By using their picture and name, they create transparency, which encourages trust and acceptance. Within social media, transparency is reciprocated so that people will interact. By doing this, the person shows that they are less likely to be a troll because they are acting in their own name. The sooner the troll hunters capture some trolls and they are brought to justice publicly, the sooner more people will be encouraged to blog and write in their own name.

Will this have a chilling effect on anonymity?

In some cases, people will want to remain anonymous either for protection or for legal reasons. For example, whistle blowers may need or want to post anonymously in forums to raise issues. People may use avatars to hide their identity because of medical or legal reasons such as hiding from domestic abuse. In these cases, the courts and service providers are going to be sympathetic. The burden of proof regarding trolling is usually a bright line. A victim comes forward with a persistent campaign of abuse and attack. By contrast, an anonymous poster or a hidden identity is not going to attract the same interest from the courts.

A business opportunity that is ripe for growth.

The web is changing and social media allows us to see a new era has begun to emerge. What we now see are the slow, but certain, ways in which the internet begins to police itself and how it is being policed as forms of order are created. We may see a new form of community governance emerge as the state of nature, which seems to identify much of how the web operates, gives way to a relatively ordered community. For businesses there is an opportunity to exploit this emerging security enforcement breach. The ones that can do this successfully can create a brand that people will trust. One can also see large firms offering this service to protect their users and their employees. See for example, this recent article in the Financial Times on hacker hunters. Although focused on security measures, rather than independent hunters, it does suggest that there is a business case to be exploited.